Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-5884

Make optional the addition of default ports to HTTP Host Header on the PSM.




      Here is the relevant section of the standard related with the host header:

      14.23 Host
      The Host request-header field specifies the Internet host and port number of the resource being requested, as obtained from the original URI given by the user or referring resource (generally an HTTP URL, as described in section 3.2.2). The Host field value MUST represent the naming authority of the origin server or gateway given by the original URL. This allows the origin server or gateway to differentiate between internally-ambiguous URLs, such as the root "/" URL of a server for multiple host names on a single IP address.
             Host = "Host" ":" host [ ":" port ]
      A "host" without any trailing port information implies the default port for the service requested (e.g., "80" for an HTTP URL). For example, a request on the origin server for <http://www.w3.org/pub/WWW/> would properly include:
             GET /pub/WWW/ HTTP/1.1
             Host: www.w3.org
      A client MUST include a Host header field in all HTTP/1.1 request messages . If the requested URI does not include an Internet host name for the service being requested, then the Host header field MUST be given with an empty value. An HTTP/1.1 proxy MUST ensure that any request message it forwards does contain an appropriate Host header field that identifies the service being requested by the proxy. All Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message which lacks a Host header field.

      It is clear that the inclusion of the port is optional specially for the default ports.

      There is a customer running Microsoft IIS 7.5 on some web-servers that serve several virtual hosts that complain when making HTTP requests with the port 80 at the end of the host header, returning an HTTP Error 500.

      This prevents the proper usage of the PSM on this scenario, and tracking the source of the problem at IIS side is really hard. Removing the port 80 from the host header is the solution to avoid problems with IIS.

      This removal is consistent with the standard, and should not represent any problem with other web-servers. So, the idea is to verify if the port is 80 (HTTP) or 443 (HTTPS) and avoid adding the port to the host header in any of those cases; otherwise, the port will be added (for example, when using a non-standard port like 8000 or 8080).




            agalue Alejandro Galue
            agalue Alejandro Galue
            0 Vote for this issue
            1 Start watching this issue